Old 07-16-2007, 03:29 AM   #1
gurdeep.singh
LQ Newbie
 
Registered: Jul 2006
Posts: 3

Rep: Reputation: 0
How to configure Iptables with PORT forwarding


Hi
I am new to Linux. I want to share internet and port forwarding. What rules should I add to iptables?
Thanks
Gurdeep

Last edited by gurdeep.singh; 07-16-2007 at 04:49 AM.
 
Old 07-16-2007, 06:26 AM   #2
satishssquid
LQ Newbie
 
Registered: May 2005
Location: India
Distribution: redhat,suse,freebsd,mandrake.fedora
Posts: 6

Rep: Reputation: 0
For Port Forwarding

Edit the file /etc/sysctl.conf


and set the value to

net.ipv4.ip_forward = 0

to 1

net.ipv4.ip_forward = 1

And if you're using a static IP address for Internet

then under the postrouting rule define a rule.

If you use dial-up for Internet then use the Masquerade rule.
 
Old 07-16-2007, 02:07 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by satishssquid
And if you're using a static IP address for Internet

then under the postrouting rule define a rule.

If you use dial-up for Internet then use the Masquerade rule.
To add to this: Here's what those commands actually look like:
Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT \
--to-source 1.2.3.4
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
These assume eth0 is the name of your external interface, and 1.2.3.4 is the static IP it has. As you can see, the MASQUERADE target doesn't need a static IP, which makes it perfect for dynamic connections, but it will work fine regardless.
 
Old 07-16-2007, 11:11 PM   #4
gurdeep.singh
LQ Newbie
 
Registered: Jul 2006
Posts: 3

Original Poster
Rep: Reputation: 0
Port forwarding rules

Hi
Thanks to all. I am using a static IP address. These rules are working for internet sharing, but how can I forward VNC requests on the static IP to my local LAN computer?
Thanks
 
Old 07-18-2007, 02:00 PM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by gurdeep.singh
Hi
Thanks to all. I am using a static IP address. These rules are working for internet sharing, but how can I forward VNC requests on the static IP to my local LAN computer?
Thanks
It would go like:
Code:
iptables -t nat -A PREROUTING -p TCP -i eth0 --dport XXX \
-j DNAT --to-destination 192.168.123.123
Replace XXX with whatever port or port range VNC uses.
 
Old 07-20-2007, 07:05 AM   #6
gurdeep.singh
LQ Newbie
 
Registered: Jul 2006
Posts: 3

Original Poster
Rep: Reputation: 0
Not working

Hi
Dear friends, this rule is not working when I attempt to connect by VNC from a remote network. It gives me the error Connection Refused.
Any other rules?
Thanks
Gurdeep Singh
 
Old 07-24-2007, 12:12 PM   #7
bakfupai
Member
 
Registered: Apr 2006
Location: Sweden
Distribution: CentOS, RHEL, SourceMage, OpenBSD
Posts: 40

Rep: Reputation: 15
Connection refused indicates that the connection is not DROPped by the firewall but that it is rejected. This can be because there is some kind of REJECT rule in the firewall or perhaps more likely that the VNC server is not running (at least not on that port).

Also, you should know that using VNC over an insecure network can be risky since most implementations don't use encryption. A more secure way to use VNC is to use it over an SSH tunnel:

http://en.wikipedia.org/wiki/Ssh_tunnel
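
The firewall-side questions raised in this thread (does the DNAT rule match, and does something in the forwarding path REJECT the connection) can be answered from an `iptables-save` dump. The script below is an added example, not code from any post above. It assumes XXX is TCP 5900 (VNC display :0) and that eth1 is the LAN interface, and its rule dump is constructed.

```shell
# Added example, not from the thread. Reads iptables-save text on stdin and
# reports whether a new TCP connection arriving on WAN for PORT is DNATed and
# which verdict the filter FORWARD chain gives it (heuristic: only -i, -s,
# -d, --dport, --state/--ctstate and -j are examined).
audit_forward() {  # usage: iptables-save | audit_forward PORT HOST WAN
    awk -v port="$1" -v host="$2" -v wan="$3" '
    # Value that follows FLAG on the current rule, or "" if the flag is absent.
    function opt(flag,   i) {
        for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2) }
    table == "nat" && $2 == "PREROUTING" && opt("-j") == "DNAT" &&
      opt("--dport") == port {
        dnat = "yes"; src = (opt("-s") == "") ? "any" : "restricted"
    }
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "filter" && $2 == "FORWARD" && verdict == "" {
        st = opt("--state"); if (st == "") st = opt("--ctstate")
        if (st != "" && st !~ /NEW/) next      # ESTABLISHED,RELATED only
        ifc = opt("-i"); d = opt("-d"); p = opt("--dport"); t = opt("-j")
        if ((ifc == "" || ifc == wan) && opt("-s") == "" &&
            (d == "" || d == host || d == (host "/32")) && (p == "" || p == port) &&
            (t == "ACCEPT" || t == "DROP" || t == "REJECT"))
            verdict = t                        # first matching rule wins
    }
    END {
        if (verdict == "") verdict = (policy == "") ? "unknown" : policy
        if (dnat == "") { dnat = "no"; src = "n/a" }
        print "dnat=" dnat, "forward=" verdict, "source=" src
    }'
}
# Constructed, trimmed dump: the DNAT rule from post #5 with XXX assumed to be
# 5900; eth1 (LAN) and the REJECT rule are assumptions. $1 is an optional
# extra FORWARD rule placed ahead of the REJECT.
sample_rules() {
    cat <<EOF
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.123.123
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
$1
-A FORWARD -p tcp -j REJECT --reject-with tcp-reset
COMMIT
EOF
}
```

`source=any` means the DNAT rule has no `-s` match, so the forwarded VNC port is reachable from every remote address. If the result is `forward=ACCEPT` and the client still sees "Connection refused", the firewall is not what is rejecting the connection.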
 
  

